Challenges
Internet service providers (ISPs) often struggle with disproportionately high bandwidth usage by a
relatively small portion of their subscribers.
This disparity is caused by high-bandwidth applications such as peer-to-peer file sharing (P2P),
video streaming and large file downloads from file hosting services (DDL). The following two charts,
taken from ipoque's Internet Study 2007, put the relative user numbers of these applications
plus Web browsing, Voice over IP (VoIP) and instant messaging (IM) in contrast with the traffic
they generate.
The challenge ISPs face is twofold: On the one hand, these kinds of new services are the very reason for new subscribers to sign up for broadband Internet access. On the other hand, excessive use by too many simultaneous users certainly drives up infrastructure costs and, more importantly, may adversely affect the quality of experience (QoE) for interactive applications such as Web browsing, Internet telephony or online gaming.
Solutions
The simplest solution is priority management that favors important applications over less
important ones with huge bandwidth usage. It can be as simple as having a single bandwidth management
rule that assigns P2P file sharing a lower priority than all other traffic. This approach is not
only simple and highly effective, it also provides a fair bandwidth sharing model for all subscribers.
P2P users get all the available bandwidth, but as soon as the demand of other applications rises,
for instance during office hours, P2P is slowed down to accommodate the increased demand.
The screenshot below is taken from the statistics section of a PRX Traffic Manager deployed at
an ISP network and shows the effect of this simple one-rule configuration. Clearly visible is the
mirror-like behavior of the P2P (red) and non-P2P (blue) lines. As non-P2P traffic rises in the
late afternoon - due to mostly residential customers - P2P traffic is pushed back all the way down
to zero to make room for the more important traffic. This picture alone provides an idea of how
poor the network performance would be without this kind of traffic management.
Advanced Priority Management
Using multi-tiered priorities enables the offering of improved quality of experience (QoE)
for interactive and real-time applications. For instance, all Voice over IP (VoIP) traffic
gets the highest priority, Web browsing and audio and video streaming get high priority,
P2P file sharing gets the lowest priority and everything else the default priority.
The result is that VoIP packets will be dropped last, which can only happen if the link
is saturated with VoIP - a very unlikely situation. P2P packets are always dropped first
until no P2P is possible, if the demand from all other applications is that high.
And between these two, Web browsing and streaming will operate faster in a congestion
situation than all other, non-time-critical applications.
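The priority behaviour described above, for both the single-rule setup and the multi-tier one, as an added sketch that is not ipoque's code or the PRX configuration format. The tier numbers, class names and Mbit/s demand figures are constructed assumptions, and classes in the same tier are assumed to share capacity in proportion to their demand.

```python
# Assumed tier maps: lower number = served first, dropped last.
MULTI_TIER = {"voip": 0, "web": 1, "streaming": 1, "default": 2, "p2p": 3}
SINGLE_RULE = {"default": 0, "p2p": 1}   # one rule: P2P below everything else


def allocate(capacity, demand, tiers):
    """Strict-priority split of link capacity (same unit as the demands).

    Tiers are served in order; a tier only receives what the tiers above
    it left over. Classes missing from the map fall into the default tier.
    """
    tier_of = {app: tiers.get(app, tiers["default"]) for app in demand}
    alloc = {app: 0.0 for app in demand}
    remaining = float(capacity)
    for level in sorted(set(tier_of.values())):
        group = [app for app in demand if tier_of[app] == level]
        wanted = sum(demand[app] for app in group)
        if wanted <= 0:
            continue
        share = min(1.0, remaining / wanted)   # below 1.0 means packets drop
        for app in group:
            alloc[app] = demand[app] * share
        remaining = max(0.0, remaining - wanted * share)
    return alloc


# Constructed demand samples in Mbit/s for a 1000 Mbit/s link.
NIGHT = {"voip": 20, "web": 100, "streaming": 80, "default": 50, "p2p": 2000}
EVENING = {"voip": 60, "web": 500, "streaming": 400, "default": 200, "p2p": 2000}

if __name__ == "__main__":
    for name, demand in (("night", NIGHT), ("evening", EVENING)):
        for label, tiers in (("single rule", SINGLE_RULE), ("multi-tier", MULTI_TIER)):
            result = allocate(1000, demand, tiers)
            print(name, label, {k: round(v, 1) for k, v in result.items()})
```

With the evening sample, the single rule already pushes P2P to zero but VoIP is squeezed along with all other traffic, while the multi-tier map serves VoIP in full and makes the default tier absorb the shortfall.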
Operators of educational and research networks at schools and universities face a number
of unique challenges. Their often high-speed Internet connectivity in combination
with largely unrestricted access exposes these organizations to bandwidth-hogging applications
such as peer-to-peer (P2P) file sharing and media streaming. P2P applications like BitTorrent
and eDonkey still consume well over 50% of the available bandwidth. Audio and video streaming
applications embedded in Web sites like YouTube are growing in popularity. The right chart shows the
protocol distribution at German universities and is taken from ipoque's
Internet Study 2007.
While this has an adverse impact on the overall network performance and keeps driving up
communication costs, file sharing in particular also has a legal implication, as most of the
exchanged content violates copyright laws. The left chart shows the types of files exchanged
over P2P networks at German universities. It is important to note that this includes not only
downloads, but also uploads, where the university network hosts the mostly copyright-protected
content. Depending on local legislation, this can potentially have serious legal implications.
Key Benefits
Reduced communication and infrastructure costs
Improved network performance
Offer legal P2P file sharing at full speed to staff and students
No conflicts with copyright laws
Bandwidth Management
Bandwidth management using the deep packet inspection (DPI) technology of ipoque's PRX Traffic Manager to reliably identify high-bandwidth applications such as P2P file sharing can significantly reduce network traffic. One option is to simply prioritize important applications such as Web browsing, e-mail and Voice over IP (VoIP) to guarantee a high quality of experience to their users even at times of high traffic load.
In addition, the data rates available for P2P file sharing can be limited to a level that leaves enough resources available for more important applications. Optionally, each student can be assigned a monthly allowance of P2P traffic through the PRX Traffic Manager's subscriber management.
Legal File Sharing
PRX Traffic Manager offers a unique feature to provide full access to legal P2P file sharing resources such as Linux distributions, open source software and NASA imagery. Nearly all of this legal P2P content is distributed using BitTorrent. By putting all acceptable sources in the BitTorrent whitelist, such content can be accessed without restrictions, while access to all other, undesired content can be blocked. Many of ipoque's educational customers have implemented an online submission procedure that allows students to request additional BitTorrent sources to be white-listed.
More and more protocols are not sufficiently identified, filtered or blocked by firewalls,
IDS or IPS and enter enterprise networks unchecked. But with an ipoque PRX solution,
placed at the front of the network, you can meet your strict company policies. Especially
critical are, for instance, encrypted P2P protocols with which over 90% illegal files are
distributed. This concerns software, movies, audio books or music protected by copyright.
Instant Messengers, which enable unauthorized file transfer through all security installations,
are critical as well. Thus a board meeting held live via Skype can be accessed outside the
company by a third party in the same encrypted way.
Key facts:
Key benefits:
Layer-7 protocol detection with DPI and behavior analysis
VoIP, P2P, IM, media streaming, Web, e-mail protocol support
detection of encrypted protocols like Skype, BitTorrent, eDonkey/eMule, Winny
Subscriber-level bandwidth and policy management
true Gigabit wire speed
over 600,000 packets per second
over 20 million concurrent connections
over 500,000 new connections per second
permit legal and illegal file sharing
regular signature updates
fast integration as transparent bridge
integrated bypass and hot standby for hardware failover
With its DPI technology and its experience, ipoque offers customized, efficient
solutions for LI. They can be implemented both as new systems and as additional units
of already existing systems.
Voice over IP & Skype
Voice over IP (VoIP) and particularly Skype have become the most widely used Internet applications.
PRX Traffic Manager with its VoIP management capabilities allows network operators to gain
insight into and control over their subscribers' VoIP usage. It allows Internet service providers
to offer differentiated services and to control the VoIP bandwidth consumption of different VoIP
services in their networks.
Peer to Peer
Expensive P2P: File sharing based on Peer-to-Peer (P2P) networks has surpassed the World Wide Web as the single most bandwidth-consuming application in many parts of today's Internet. It can cause a substantial increase in traffic volume which in turn incurs rising communication costs and adversely affects the performance of other network applications such as Web, E-Mail and File Transfer. Legacy filtering approaches based on port numbers are error prone. They produce many mismatches (about 30-50%) and are easily circumvented.
Solution: The PRX P2P filter features a protocol-based identification of P2P traffic. Once such traffic has been identified, it can be blocked or throttled to a defined rate. Additionally, all P2P traffic is assigned a lower priority than other traffic, ensuring improved network performance during periods of high utilization. The rate limitation is invisible to P2P users. File sharing applications continue to work, only with a lower data rate. This approach minimizes the motivation of users to try to circumvent the P2P filter device.
Facts:
Benefits:
Layer-7 protocol detection with DPI and behavior analysis
VoIP, P2P, IM, media streaming, Web, e-mail protocol support
detection of encrypted protocols like Skype, BitTorrent, eDonkey/eMule, Winny
Subscriber-level bandwidth and policy management
true Gigabit wire speed
over 600,000 packets per second
over 20 million concurrent connections
over 500,000 new connections per second
permit legal and illegal file sharing
regular signature updates
fast integration as transparent bridge
integrated bypass and hot standby for hardware failover
Web GUI and CLI for flexible administration
reduced communication and infrastructure costs
comprehensive network visibility
QoS management per application and subscriber
restrict unauthorized network access
tiered service and pricing models
Network policy management
Instant Messaging
Instant Messengers are popular with many network users. They can pose a severe security threat and degrade staff productivity. It may be favorable to block such IM activities. This can be achieved by installing and activating the IM filter module that plugs seamlessly into the PRX architecture.
Streaming Protocols
Various new applications, often still in development, offer streamed content. Receiving radio, television and movies over IP will grow rapidly in the future. The requirements on traffic quality, e.g. low latency or low packet loss rate, are extremely high. Streaming protocols use a high portion of bandwidth. The demand for traffic management and QoS solutions is therefore also very high.